On Thu, 28 Oct 2004 16:49:44 +0200, Honza Vlach said:
--9Ek0hoCL9XbhcSqy
Content-Type: text/plain; charset=iso-8859-2
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
use knoppix to boot from, mount the ntfs filesystem, and search the net for
which keys in
On Thu, 28 Oct 2004 16:29:36 EDT, Kenneth Ng said:
It gets a bit harder when you have a lot of KVM switches in a big data
center. It gets even harder when the KVM's are IP accessible
throughout the firm because the twits who put it in didn't believe in
IP access lists.
Somehow, I get the
On Thu, 07 Oct 2004 12:53:33 PDT, Gregory Gilliss said:
FWIW I do believe that hacking does not constitute criminal trespass.
There are legal concepts like consent implied in fact associated with the
act of attaching a computer to an Internet known to be populated by people
and 'bots intent
On Wed, 06 Oct 2004 12:04:37 EDT, Mark Shirley said:
criminals who are caught. Hopefully the ones who contribute the most
to the problem. Personally I don't see a single aspect of this law
that hurts hacking.
(Note - it's a bill until it passes both House and Senate and gets
signed by the
On Tue, 21 Sep 2004 23:29:31 PDT, morning_wood said:
note: Item 4 is also applicable to Nick F. and Valdis K.
And I didn't even post anything in this thread until now - so here's
a test posting so you can tune your procmail filters accordingly... :)
pgpOHBj7oljYU.pgp
Description: PGP
On Wed, 22 Sep 2004 12:05:27 PDT, Daniel Sichel said:
I want to know what financial institutions are clients of the firm that
hired him so I can close my accounts now, before its too late.
Would you do so even if it turns out that almost *all* financial institutions
buy at least *some*
On Tue, 21 Sep 2004 11:40:43 EDT, Stephen Taylor said:
I am a Security Engineer with beginner UNIX knowledge. I need to support
secure process to process communications on Solaris 2.5.1 servers and want a
COTS product or some easy solution. Can anyone point me in the right
direction? I am
On Fri, 17 Sep 2004 15:34:09 CDT, Michael Wilson, Contractor said:
IBM had decided that the average user (of their systems) cannot be trusted
with even knowing about their systems administrative access, much less the
password.
The funny/sad part is that, in general, IBM is right on this
On Fri, 17 Sep 2004 23:03:10 +1200, Nick FitzGerald said:
And, your suggestion does not say what to do with bad JPEGs -- it
seems you assume the JPG to PNG convertor will necessarily and
correctly deal with such invalid input. Do we really know that is a
valid assumption?
There's also
On Fri, 17 Sep 2004 01:58:21 +0300, nobody said:
IF you people really do think billy's *that* retarded, you'd better
improve your sense of humor... One can't be that retarded in the IT
field... :P
If programmers were carpenters, the first woodpecker that came along
would destroy civilization.
On Wed, 15 Sep 2004 16:34:32 EDT, Barry Fitzgerald said:
Why did this need a Vmyths advisory?
So far, I haven't read any disinformation in the media regarding this.
A virus can actually be embedded in the file with this vulnerability
(or, any program, really) and the vulnerable programs
On Tue, 14 Sep 2004 12:03:59 CDT, Frank Knobbe said:
Alternatively, software manufacturers can add their applications into AV
exclusion lists upon installation of their products. Applications
already have to register with the operating systems. Why not make it
register with the AV software if
On Fri, 10 Sep 2004 09:10:19 +0200, Vincent Archer said:
Emulating a human is very very different from making a sentience. That's
the main flaw of the Turing's test: it attempts to prove the existence
of human-type sentience, not sentience in general.
Douglas Adams understood this one - So
On Fri, 10 Sep 2004 14:20:14 PDT, Andrew Farmer said:
Didn't get the OP's message, but yes. If there's no microphone
attached, then the sound card (and, by extension, speech recognition)
can start picking up radio announcers. Spooky, eh?
Man, are they *still* selling sound cards that are
On Wed, 08 Sep 2004 02:01:10 EDT, Byron L. Sonne said:
I'm just waiting for all the cheesy AI fanboys to start yelling at me
now, but then again, they'd probably be the same kind of clowns that
think passing the Turing Test would mean possessing intelligence(2).
Shit man, there's been
On Thu, 09 Sep 2004 16:37:28 -, ktabic said:
So the solution to not run a backup telnet server for updating SSH is to
run a second, known insecure version of sshd on a different port,
presuming of course, that you are allowed to run said sshd on said high
port in the first place.
It's
On Wed, 01 Sep 2004 15:03:03 EDT, Clairmont, Jan M said:
The Clairmont-Everhardt Index of potential Security vulnerability being equal
to the (Number of Computers)! * (Number of People using the systems)! * (Number of
Ports)!
* (the Lines of Code)! * (The number of Applications)! * (Number
On Thu, 02 Sep 2004 23:15:04 BST, James Tucker said:
Oh yeah, I did miss something, you can't disconnect someone from
being present in the building, as you can with a socket on a server.
In some cases, Marines with live ammo *are* used to achieve exactly
that disconnection :)
On Thu, 02 Sep 2004 17:29:10 CDT, [EMAIL PROTECTED] said:
Yes, Firewalls and people are not equivalent. Information technology has
no sentience Mr James.
I'm sorry Dave, I'm afraid I can't let you do that.
If it *had* sentience, we'd pull the plug on it - if we could.
pgpebRpoLNun3.pgp
On Mon, 30 Aug 2004 16:32:01 EDT, =?ISO-8859-1?Q?=DCber_GuidoZ?= said:
The same reason there are so many Windows viruses... 90 something % of
the people online are using Windows, that's thats what the viruses are
after. Back in the day when serial connections were the only means of
On Wed, 01 Sep 2004 05:42:40 PDT, Harlan Carvey said:
You're right, but what does that have to do with an
RS-232 serial cable?
What did you hook your modem to the computer with? It wasn't
like you could fit those old 300 baud acoustic couplers in a PCI slot
(not that PCI had been invented yet
On Wed, 01 Sep 2004 10:06:43 PDT, Harlan Carvey said:
You're right, but what does that have to do with
an
RS-232 serial cable?
What did you hook your modem to the computer with?
Phone cord with an RJ-ll connector. Even back when I
did own a 300baud modem, installed in an
On Thu, 26 Aug 2004 15:41:18 +0200, Richard Verwayen said:
You are right about the passwords, but guest is only a unprivileged
account as you may have on many prodruction machines. But they managed
to become root on this machine due to a kernel(?) exploit!
Or an exploit of any of the set-UID
On Thu, 26 Aug 2004 14:54:37 EDT, KF_lists said:
Will *ANYONE* that actually got hacked do me a favor and type:
uname -a
Then include that in your next email. I keep hearing fully patched
server however I have a feeling the Kernel was left out of the patching.
Most common failure mode for
On Tue, 24 Aug 2004 03:11:05 PDT, Harlan Carvey said:
What?!? What's a paranody?
A spoof containing paranoid elements... a paranoid parody. For multiple
examples thereof, check this list's archives. ;)
pgpGYLLtjMN3s.pgp
Description: PGP signature
On Mon, 23 Aug 2004 01:34:32 BST, The Central Scroutinizer said:
Would it not be better to have a standard secure backdoor provided by a
security package that could downloaded or installed by disk and works hand
in hand with port scanning software, if this is really necassary. I am
No, it
On Sun, 22 Aug 2004 12:33:50 CDT, Robert Brown said:
Also, what about a GPS time receiver on a moving vehicle, such as a
ship at sea? They would not necessarily know that the location
information was wrong, unles they also had other means of determining
location. Besides, it might only be
On Mon, 23 Aug 2004 14:22:42 PDT, Gregory A. Gilliss said:
People, believe it or not, before there was Dubya, before there were mad
rag heads disgracing one of the world's most civilized religions, before
Sir Tim Berners-Lee Gack 'invented' the Web, there was a network of people
who shared
On Fri, 20 Aug 2004 12:23:35 EDT, Barry Fitzgerald said:
An interesting cost benefit analysis of this would be to take the amount
of bandwidth increase if people used encrypted/authenticated
p.s. I'm not sure where to start to get valid numbers on this. Every
scenario I've been able to
On Fri, 20 Aug 2004 19:55:51 +0200, Maarten said:
Stuff like counter-attacking has been discussed often, whether in large open
forums such as FD or in more private circles. Mostly, people were too
concerned to open themselves up for huge lawsuits and or for prosecution
even, but now that
On Tue, 17 Aug 2004 13:04:49 PDT, Jeffrey Denton said:
Misc useless info, libsafe stops these, ummm, bugs.
And it can be found where?
pgpLq31fClZGt.pgp
Description: PGP signature
On Tue, 17 Aug 2004 10:03:26 PDT, Harlan Carvey said:
Since I doubt that senior management of neither
McAfee nor Foundstone actively monitors this list, one
would think that you could have saved yourself some
time if you'd simply read the press release on the
McAfee site.
Press releases
On Thu, 12 Aug 2004 03:33:18 PDT, Harlan Carvey said:
Wow! MS goes about doing what the security folks have
been harping on for years...providing a modicum of
security in their operating system...and now it's a
crap update? Protection against buffer overflows,
the firewall on by default,
On Fri, 13 Aug 2004 21:17:44 +0200, Maarten said:
The only thing Todd (and I) are trying to say is that it is possible to rename
after the fact. I don't #!%$* care how many old Cobol programs need
adapting for that to get possible, but the fact remains that it IS.
The question is *in fact*
On Fri, 13 Aug 2004 20:50:10 +0200, devis said:
Do the interface of OpenOffice and MS Office looks THAT different to you
To a programmer who's abstracted stuff to fairly high levels, they look pretty
much the same. However...
? Hell no. These secretaries are formed to work on an interface,
On Fri, 13 Aug 2004 21:16:57 EDT, Justin Myatt said:
I am away on holiday where email and phones are not readily available.
Please contact Rick Gunderson [EMAIL PROTECTED] / +1 403 539 3726 if
you have any questions.
Question 1:
How many subscribers does full-disclosure have, and what %
On Mon, 09 Aug 2004 21:59:10 PDT, dd said:
I have always approched input validation more from a buisness side of
things then attempting to filter out bad characters. Mitigation of some
attacks is a nice side affect of proper input validation. Making
developers sweat over what characters
On Tue, 10 Aug 2004 02:02:23 EDT, Todd Burroughs said:
No shit. They should at least get together and come up with some common
naming convention. They need to make some common naming authority, it's
not difficult, we do it all the time with other software and as mentioned,
in all scientific
On Tue, 10 Aug 2004 12:42:35 +0200, Dirk Pirschel said:
What about a suid bash? ;-)
That counts as working a little harder. ;)
pgpCPWsLOgHHF.pgp
Description: PGP signature
On Tue, 10 Aug 2004 10:13:55 CDT, Frank Knobbe said:
term of diseases. How many different names do we have for ...say...
chicken pox or colitis or diabetes? Imagine you had 5 different names
for the flu.
Diabetes comes in Type 1 and Type 2, which are quite different (in one,
your pancreas
On Tue, 10 Aug 2004 10:33:50 CDT, Frank Knobbe said:
I know, my wife has type 2. They still call it diabetes.
By that logic, we have bagle, agobot, netsky, and mydoom. No
need for variant names, and no need for a name for an attack of pancreatic
cancer that knocks out your insulin production,
On Tue, 10 Aug 2004 10:44:56 CDT, Frank Knobbe said:
standardized. First representative of an AV shop that raises the hand
says We got a new one! Can't give details of course since you are a
competitor. But if you find the same thing in your research, let's call
it Humptydumpty-2.
Whoever
On Tue, 10 Aug 2004 18:08:48 +0200, Thomas Loch said:
Why can't we handle not yet named viruses as 'unnamed' or we use a
standardized (by ISO?) method to generate a numeric code that consists of a
classification in categories and a sequential number and probably some kind
of checksum or
On Tue, 10 Aug 2004 17:16:43 +0200, Thomas Loch said:
What would I have to do then? (excuse my lack of knowledge, please)
'man cp' and 'man chmod'. Given cp and chmod and initial access to the
ability to run commands as a suitable user, a set-UID bash is achievable...
(Note that you end up
On Sat, 07 Aug 2004 06:25:00 -, bitlance winter said:
#! The first function takes the negative approach.
#! Use a list of bad characters to filter the data
sub FilterNeg {
local( $fd ) = @_;
$fd =~ s/['\%\;\)\(\\+]//g;
return( $fd ) ;
}
*BZZT!!* Wrong. Don't do this
On Tue, 10 Aug 2004 02:16:24 +0200, Thomas Loch said:
What if someone creates a shell script that simply cat /etc/shadow and sets
the SetUID flag. Then he makes a backup of that file and restores the backup
while he prevents the chown-command anyhow. All files will remain root.
Including the
On Mon, 09 Aug 2004 19:45:07 PDT, dd said:
Real solution is to have per input input validation which will always
let some potentially bad things through, but help mitigate exposures
and then do things right.
Actually, you should be doing per input validation on each field, which tries
to
On Sat, 07 Aug 2004 00:16:46 +1000, Sean Crawford [EMAIL PROTECTED] said:
Who elected this guy???.*grin*
The Supreme Court. :)
pgpo86dE6gVXf.pgp
Description: PGP signature
On Fri, 06 Aug 2004 15:39:45 CDT, John Creegan [EMAIL PROTECTED] said:
I thought this list was originally meant to focus primarily on computer
hardware/software types of security issues. Malware, discovered exploitables,
etc
OK, you need a tie-in to computers? Go read up on CALEA and
On Wed, 04 Aug 2004 09:17:04 PDT, Micah McNelly [EMAIL PROTECTED] said:
Agreed. Please take your blackhat paranoia and your 0-day, and go root
a garbage can. Defcon's main purpose is to consume massive amounts of
alchohol and throw money at strippers. Down with the bartenders!
If you
On Fri, 30 Jul 2004 23:36:49 +1000, Gregh [EMAIL PROTECTED] said:
If you dont understand that then I can understand that you dont know how to
get rid of it but the truth is that this way DOES get rid of it. There are
at LEAST 5 variants of CWS. I have met them all and beat them all.
On Fri, 30 Jul 2004 09:59:54 CDT, Todd Towles [EMAIL PROTECTED] said:
There is a free piece of software somewhere that will grab all the BHOs
(Browser Helper Objects) out of the registry and display them all. Anyone
remember where this software can be found?
I've always suspected that Browser
On Fri, 30 Jul 2004 09:39:55 EDT, Neal O'Creat said:
Could it be possible that there are different versions of this, one
making noise and one much rarer one with an exploit?
It's more likely that there's one version, making noise and very rarely finding
a box with stupid passwords. It's
On Fri, 30 Jul 2004 14:55:04 -0300, Bernardo Santos Wernesback [EMAIL PROTECTED]
said:
A few colleagues and I started a discussion as to why one should or shouldn't
buy an appliance-based firewall, ids/ips or other security appliance instead of
installing software on a server.
Does
On Thu, 29 Jul 2004 18:38:15 +0200, Stefan Janecek [EMAIL PROTECTED] said:
This does not seem to be a stupid brute force attack, as there is only
one login attempt per user. Could it be that the tool tries to exploit
some vulnerability in the sshd, and just tries to look harmless by using
On Sun, 25 Jul 2004 14:06:55 CDT, Curt Purdy [EMAIL PROTECTED] said:
I'm guessing the latter. Although story scraping would be possible,
intellegent naming of the .exe would not be. Most likely a friend... or
enemy.
http://www.cnn.com/2004/WEATHER/07/26/new.mexico.flooding.ap/index.html
On Sun, 25 Jul 2004 00:28:40 PDT, g0bb13s [EMAIL PROTECTED] said:
Good sirs and madames,
Please. Fifty dollar.
My name is G0ibbles Bugtrack,16 years from the mall of
some stupid
I thought it was amusing, but it could probably do better. SpamAssassin said:
X-spam-status: No, score=1.6
On Thu, 22 Jul 2004 11:11:00 +1000, Brad Griffin [EMAIL PROTECTED] said:
two recent examples. Here we have someone talking about 3000 year old
history in 2004! What the relevance does ancient history have to do
with the systematic destruction of another culture/society today
Both sides
On Thu, 22 Jul 2004 12:46:00 EDT, [EMAIL PROTECTED] said:
to solve them on this board. For that matter the only way that I think they
will ever be reduced is if the Palestinians manage to come up with their own
version of Gandhi or MLK.
I suspect *that* conflict will require *both* sides to
On Wed, 21 Jul 2004 14:48:13 CDT, Ron DuFresne said:
I have a different question; how does one acertain that this is indeed an
open 'hacker challenege'? Could be a critical production server for the
swedish banking system and folks tapping upon it;s service could end up
finding that the
On Tue, 20 Jul 2004 07:15:27 CDT, J.A. Terranson said:
No. Flying an airplane into a building surely takes an inconceivable
amount of hate, but it sure as hell isn't cowardice. At least these guys
are willing to back their crazy politics with their OWN lives, rather than
sending other
On Tue, 20 Jul 2004 10:12:30 PDT, Cory Crawford said:
What's interesting is how many jackasses are out there defending these guys
What's interesting is people who can't identify the difference between
defending and understanding. And if you paid attention, I never said we
don't do Bad Things
On Tue, 20 Jul 2004 17:30:45 +0200, nocturnal [EMAIL PROTECTED] said:
A co-worker has a small penetration testing challenge for all. There is
even 1000SEK in it for the winner. Have fun and good luck!
http://www.x-rates.com lists the Swedish Kroner
http://www.x-rates.com/d/SEK/table.html
On Tue, 20 Jul 2004 12:36:06 PDT, Andrew Latham said:
1. Boredom - more brains than hobbies
2. Needs
- burstable bandwidth - downloads
- knowledge
- bragin rights
3. Challenges
4. Other
You're equating black hat with one subset thereof, more or less. It's a lot
more complicated in the
On Tue, 20 Jul 2004 21:41:30 +0200, Full-Disclosure said:
Please im trying to hack, test, read, be 'up to date' learn from the
full-disclosure-lists. Not learning or be teached economics, politics,
religion, ethics or beliefs, ( then ill go to MS ;-)
Keep in mind that except for the
On Fri, 16 Jul 2004 17:36:33 PDT, g0bb13s [EMAIL PROTECTED] said:
WHO IS WATCHING ME?
DO THEY WANT TO ... DO THEY WANT TO...
No, it's more like a train wreck. You just can't not look
On the other hand, train wrecks can't be procmailed easily.
pgpQ9hdqrEzwA.pgp
Description: PGP
On Wed, 14 Jul 2004 00:44:47 EDT, [EMAIL PROTECTED] said:
DOD 5220-22M says:
d. Overwrite all addressable locations with a character, its complement, then a
random character and verify. THIS
METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMA-
TION.
Hmm...
On Mon, 12 Jul 2004 23:23:24 +0200, Maarten [EMAIL PROTECTED] said:
* Department-of-defense level (dd as above but lots more times (like 10+))
DOD 5220-22M says:
http://www.irwin.army.mil/ac/Electronic_Publications/DoD_Pubs/DoD%205220-22-M/cp
8.pdf
Pages 14 and 15 note methods a, b, d, and m
On Thu, 08 Jul 2004 12:04:53 +0200, Matthias Benkmann [EMAIL PROTECTED] said:
I can't say I've looked at much exploit-code so far but the POC exploits
to gain root I've seen for Linux all executed /bin/sh. I'd like to know if
this is true for in-the-wild exploits to root a box, too. If so,
On Thu, 08 Jul 2004 16:04:17 PDT, Eric Paynter [EMAIL PROTECTED] said:
Applications *can* be integrated, but such integration needs to be
carefully architected from the outset of the application development.
bend over, spread, insert - works for Microsoft user integration,
why shouldn't it
On Fri, 09 Jul 2004 22:41:59 +0200, Matthias Benkmann [EMAIL PROTECTED] said:
So I have one example to back up my claim. Now it's your turn. Give me a
worm that my scheme would not have protected me against. That's all you
need to do to convince me. Easy, isn't it? No need to give me lengthy
On Mon, 05 Jul 2004 16:20:42 +0300, you said:
we have discussed this before.
the answer again is:
WE'RE NOT GONNA TAKE IT [1]
--
[1] WE'RE NOT GONNA TAKE IT
Twisted Sister
http://www.elyrics4u.com/w/we_re_not_gonna_take_it_twisted_sister.htm
Your life is trite and jaded
Boring and
On Thu, 01 Jul 2004 19:57:48 PDT, Denis Dimick said:
I do find it funny that sendmail and BIND have been thrown out in the
e-mails (don't think it was you) But these two applications are some of
the most buggy bits of code ever written.
Yes, they've had bugs. The point is that they are
On Wed, 30 Jun 2004 21:08:27 CDT, Paul Schmehl [EMAIL PROTECTED] said:
I attended a presentation yesterday for a security product in the
application firewall field. During the presentation, the CISSP stated that
in every 1000 lines of code there will be 15 errors. I don't know if I'd
On Wed, 30 Jun 2004 10:56:28 PDT, Morning Wood [EMAIL PROTECTED] said:
As a side note, I would like to know if using a exploit on a non passworded
site ( access restriction )
to obtain / change data is in fact illegal ( in the USA ) , as I recall it
is a violation to bypass
an ACCESS
On Tue, 29 Jun 2004 09:20:11 MDT, [EMAIL PROTECTED] said:
- SSH is not an IETF standard.
The documents that make up the SSH2 protocol are still at the
Internet-Draft stage. I don't know how long they've been at this stage,
but the comment from security was that it's been at this stage for
On Sun, 27 Jun 2004 00:54:40 CDT, st3ng4h [EMAIL PROTECTED] said:
Isn't this the same software that 'celebrated' its 200,000th bug a
couple years ago? uh oh...
And the issues of *why* it's that high were well understood even a hundred
thousand bug reports before that.
On Thu, 24 Jun 2004 21:12:46 PDT, VX Dude [EMAIL PROTECTED] said:
...and the build broke on OTHER systems
because there wasn't a vsnprintf() in the vendor libc
- and your boss is
telling you TO GET THE THING TO BUILD, NOW
The programmer who is willing to swear on a Bible that
they
On Fri, 25 Jun 2004 15:35:51 EDT, Michael Schaefer [EMAIL PROTECTED] said:
Has anyone used this? Are there any known security risks?
(None of this is specific to the product, but all of it is stuff that we as an
industry keep re-botching over and over, so I'll mention it here anyhow...)
Three
On Thu, 24 Jun 2004 08:27:11 PDT, VX Dude [EMAIL PROTECTED] said:
http://www.kb.cert.org/vuls/id/654390
Apparently one of the new DHCP vulnerabilities stems
from the following code found in a header file.
#define vsnprintf(buf, size, fmt, list) vsprintf (buf,
fmt, list)
Why would any
On Thu, 24 Jun 2004 11:22:18 PDT, VX Dude said:
Good point, personally I wouldn't think that making a
small wrapper would take that long, but then again I
havent done it, and I havent done it under stress and
a time crunch. I code for fun and not profit which is
pretty stress free.
Writing
On Wed, 23 Jun 2004 10:51:52 CDT, Ron DuFresne said:
The main problem with a vpn tunnel for workers from home is keeping them
from messing with the system and changing the defaults estblished, and
making sure the security policy on the machine remain as hig as the policy
for the corp network.
On Tue, 22 Jun 2004 02:37:22 EDT, Todd Burroughs said:
Maybe having magic names that don't start with '/dev' (i.e., some known
prefix) is a mistake, but I think that's a minor issue.
Actually, this sub-thread is entirely about the fact that magic names aren't a minor
issue - referencing
On Mon, 21 Jun 2004 21:52:36 MDT, Bruce Ediger [EMAIL PROTECTED] said:
And you have to open them by path /dev/null. Just opening null won't
hurt, unless the current directory happens to be /dev.
Small nit:
Actually, this may or may not be true. There is no *inherent* magic to
the /dev
On Sat, 19 Jun 2004 06:57:05 EDT, Larry Seltzer [EMAIL PROTECTED] said:
Yes, you are thinking of Swen, but it doesn't do what you suggest. It asks you for
SMTP
and POP3 server and login info, but it uses them to access your POP3 server.
Of course, they could ask you for your SMTP
On Sat, 19 Jun 2004 21:41:35 PDT, Mr. John [EMAIL PROTECTED] said:
Suppose that I am technical chair of a software group
and we have a software that security consideration
is important for us. How can I test our software to
ensure that no security vulnerabilities (like buffer
overflow
On Mon, 21 Jun 2004 09:52:09 EDT, Michael Schaefer said:
What would you suggest Microsoft do to improve ?
They will improve if and only if actually improving (as opposed to making
noises about improving) makes financial sense.
pgpf9HZlZSrfm.pgp
Description: PGP signature
On Mon, 21 Jun 2004 16:06:43 CDT, Ron DuFresne said:
[SNIP}
The second one, I concur completely, get the App stuff out of the Windows
folders.
Which includes IE.
Actually, just doing that one *alone* (splitting it out so it isn't entwined into
the OS) would probably do more
On Tue, 22 Jun 2004 09:04:37 +1200, Stuart Fox (DSL AK) [EMAIL PROTECTED] said:
No way! Am I the only person who still uses copy con filename.txt to
create scripts and such at the command line? Please tell me I'm not?
I think the intent is that con as a special filename in every directory
On Mon, 21 Jun 2004 18:33:02 EDT, joe [EMAIL PROTECTED] said:
Oh absolutely. I've said it before, they aren't coding for the common good
of the people. They are a business, to think they would make changes for any
other reason than financial gain is silly. However, without changes and
On Mon, 21 Jun 2004 18:39:10 EDT, joe [EMAIL PROTECTED] said:
Absolutely, I posted that same message in a MS specific listserv today. My
comments were along the lines of treat it like a purchased app and set up a
new team to rebuild the app from the ground up, all new code. That way all
of
On Mon, 21 Jun 2004 18:42:44 EDT, joe [EMAIL PROTECTED] said:
I am not sure I agree with the first thing. Actually I think it helps in
that it is easier for people to know something is executable veruss having
to look at additional attributes to see if something is executable.
Which is why
On Mon, 21 Jun 2004 18:55:55 EDT, joe [EMAIL PROTECTED] said:
You say you can use any editor to look at the config and you don't need a
proprietary editor. What you mean is you can use any editor that uses the
file system API to open and display the config files. With the registry you
can
On Fri, 18 Jun 2004 07:31:26 EDT, Larry Seltzer [EMAIL PROTECTED] said:
SMTP AUTH cracking and using the ISP account? Not that it can't and won't be done,
but
I'm aware of no actual examples. Could you cite one please?
There's at least one piece of malware out there that tries to use the
On Fri, 18 Jun 2004 15:18:38 EDT, Larry Seltzer said:
Well of course there's no such thing as an Outlook server but are you saying that
it's
hard-coded to specific accounts on specific servers? Obviously it would be shut down
quickly.
Exchange, not Outlook.
On Fri, 18 Jun 2004 13:22:11 CDT, Ben Timby [EMAIL PROTECTED] said:
I think everyone missed Nick's point. Since reversers work for the
competition, don't you think they would find and use the M$ undocumented
API? M$ would not be dumb enough to try it, since their competition in
this market
On Wed, 16 Jun 2004 15:53:45 PDT, Andre Ludwig [EMAIL PROTECTED] said:
Asked if that would hurt sales of competing products, such as Network
Associates' McAfee and Symantec's Norton family of products, Nash said
that Microsoft said that it would sell its anti-virus program as a
separate
On Thu, 17 Jun 2004 09:40:20 CDT, Larry [EMAIL PROTECTED] said:
I have made several attempts to validate the GPG key on this document with
GnuPG 1.2.4 and have been unsuccessful at importing the key.
Please advise.
Would you go to your mechanic and say Fix my car, it's broken, or would
On Fri, 18 Jun 2004 06:30:55 +1200, Nick FitzGerald [EMAIL PROTECTED] said:
[EMAIL PROTECTED] wrote:
Naah.. They'd never use an undocumented API to benefit their product at the
expense of the competition, would they? ;)
In this case, no.
Given that a lot of AV technical work is
On Thu, 17 Jun 2004 17:37:11 EDT, Mohit Muthanna said:
You really expect us to believe that the M$ AV team won't leverage off the
fact that they could know about that API, and all the others in Windows?
in addition, given that they have the sources to their own OS, i doubt
they really have
101 - 200 of 631 matches
Mail list logo